


AMENDMENT TO THE CLAIMS 

1. (currently amended) A method of providing Resource-Event-Agent (REA) model based 
security, the method comprising: 

identifying an REA defined association of a type which dictates ownership between a 
first object and a second object in an REA model; 
creating an association class object for the REA defined association between the first object 
and the second object, the association class object having properties defining security 
between the first object and the second object; and 
storing the association class object on a tangible computer readable storage medium for use 
in providing security between the first object and the second object. 

2. (canceled) 

3. (previously presented) The method of claim 1, wherein creating the association class object 
further comprises creating one or more association class objects having properties, the properties 
of the one or more association class objects defining security between a first class of objects of 
which the first object is a member and a second class of objects of which the second object is a 
member. 

4. (previously presented) The method of claim 1, wherein the second object is a securable object. 

5. (original) The method of claim 4, wherein the first object is of a particular agent type, and 
wherein a role for a user is defined by the particular agent type for the first object. 

6. (original) The method of claim 5, wherein the second object is a contract or agreement type 
object. 

7. (original) The method of claim 5, wherein the second object is a commitment type object. 

8. (original) The method of claim 5, wherein the second object is an event type object. 

9. (original) The method of claim 5, wherein the second object is a resource type object. 

10. (original) The method of claim 5, wherein the second object is an agent type object. 

11. (previously presented) The method of claim 5, wherein identifying the REA defined 
association of the type which dictates ownership between the first object and the second object 
further comprises identifying an REA defined control type association between the first object 
and the second object. 

12. (previously presented) The method of claim 5, wherein identifying the REA defined 
association of the type which dictates ownership between the first object and the second object 
further comprises identifying an REA defined custody type association between the first object 
and the second object. 

13. (previously presented) The method of claim 5, wherein creating the association class object 
for the REA defined association between the first object and the second object further comprises 
creating the association class object in a security model. 

14. (previously presented) The method of claim 13, wherein creating the association class object 
in the security model further comprises creating the association class object in the security model 
separate from the REA model. 



15. (previously presented) The method of claim 13, wherein creating the association class object 
in the security model further comprises creating the association class object in the security model 
as part of the REA model. 

16. (original) The method of claim 13, wherein defining security between the first object and the 
second object further comprises defining permissions and rights of the first object relative to the 
second object. 

17. (original) The method of claim 16, wherein defining permissions and rights of the first object 
relative to the second object further comprises dynamically determining the permissions and 
rights in a security policy logic module outside of the security model. 

18. (currently amended) A tangible computer readable storage medium having computer-executable 
instructions for performing steps of a method of providing Resource-Event-Agent 
(REA) model based security, the steps comprising: 

identifying an REA defined association of a type which dictates ownership between a 
first object and a second object in an REA model; 
creating an association class object for the REA defined association between the first 
object and the second object, the association class object having properties 
defining security between the first object and the second object; and 
storing the association class object on the tangible computer readable storage medium for 
use in providing security between the first object and the second object. 



19. (canceled) 



20. (currently amended) The computer readable storage medium of claim 18, wherein creating 
the association class object further comprises creating one or more association class objects 
having properties, the properties of the one or more association class objects defining security 
between a first class of objects of which the first object is a member and a second class of objects 
of which the second object is a member. 

21. (currently amended) The computer readable storage medium of claim 18, wherein the first 
object is of a particular agent type, and wherein a role for a user is defined by the particular agent 
type for the first object. 

22. (currently amended) The computer readable storage medium of claim 21, wherein the second 
object is a contract or agreement type object. 

23. (currently amended) The computer readable storage medium of claim 21, wherein the second 
object is a commitment type object. 

24. (currently amended) The computer readable storage medium of claim 21, wherein the second 
object is an event type object. 

25. (currently amended) The computer readable storage medium of claim 21, wherein the second 
object is a resource type object. 

26. (currently amended) The computer readable storage medium of claim 21, wherein the second 
object is an agent type object. 

27. (currently amended) The computer readable storage medium of claim 18, wherein identifying 
the REA defined association of the type which dictates ownership between the first object and 
the second object further comprises identifying an REA defined control type association between 
the first object and the second object. 

28. (currently amended) The computer readable storage medium of claim 18, wherein identifying 
the REA defined association of the type which dictates ownership between the first object and 
the second object further comprises identifying an REA defined custody type association 
between the first object and the second object. 

29. (currently amended) The computer readable storage medium of claim 18, wherein creating 
the association class object for the REA defined association between the first object and the 
second object further comprises creating the association class object in a security model. 

30. (currently amended) The computer readable storage medium of claim 29, wherein creating 
the association class object in the security model further comprises creating the association class 
object in the security model separate from the REA model. 

31. (currently amended) The computer readable storage medium of claim 29, wherein creating 
the association class object in the security model further comprises creating the association class 
object in the security model as part of the REA model. 

32. (currently amended) The computer readable storage medium of claim 29, wherein defining 
security between the first object and the second object further comprises defining permissions 
and rights of the first object relative to the second object. 

33. (currently amended) The computer readable storage medium of claim 32, wherein defining 
permissions and rights of the first object relative to the second object further comprises 
dynamically determining the permissions and rights in a security policy logic module outside of 
the security model. 

34. (currently amended) A system, embodied in a computing device, for providing security, the 
system comprising: 

a Resource-Event-Agent (REA) model stored on a tangible computer readable storage 
medium and configured to implement a first object, a second object, and an REA 
defined association of a type which dictates ownership between the first object and 
the second object; 

a security model stored on the tangible computer readable storage medium and configured 
to implement an association class object for the REA defined association between 
the first object and the second object in the REA model, such that properties of 
the association class object define security between the first object and the second 
object. 

35. (canceled) 

36. (previously presented) The system of claim 34, wherein the association class object further 
comprises one or more association class objects having properties, the properties of the one or 
more association class objects defining security between a first class of objects of which the first 
object is a member and a second class of objects of which the second object is a member. 

37. (previously presented) The system of claim 34, wherein the security model is separate from 
the REA model. 



38. (previously presented) The system of claim 34, wherein the security model is part of the 
REA model. 



39. (previously presented) The system of claim 34, and further comprising a security policy logic 
module coupled to the security model and configured to dynamically determine permissions and 
rights of the first object relative to the second object. 



